If CGI TS build is used, and there are some hard errors (fe missing dependency .dll or .so), the core will want to log it. The CGI log function will want to check whether fcgi_logging is enabled. But, if this kind of error happens in the extension register phase, MINIT for the CGI module is most likely wasn't run yet (startup phase). That will result in accessing uninitialized globals and a crash./php-src/sapi/cgi/cgi_main.c

Encapsulate FastCGI implementation details. Previously fcgi_request defined in main/fastcgi.h might be treated differently in different files, because of different behavior of #ifdef TCP_NODELAY. This leaded to stack memory corruption and unpredictable crashes./php-src/sapi/cgi/cgi_main.c

Merge mainstream 'master' branch into refactoring During merge I had to revert: Nikita's patch for php_splice() (it probably needs to be applyed again) Bob Weinand's patches related to constant expression handling (we need to review them carefully) I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

* pull-request/500: limit virtual_cwd_activate() duplicated call to ZTS only reverted the previous commit, both calls are needed in TS mode virtual_cwd_activate() should be called only in one place back to do_alloca() removed unnecessary call simplify the state free macros compact the code to preserve the error info after state freeing back to do_alloca(), reverted the wrong replacement enabled windows to use stack in both ts/nts mode, some more fixes moved to do_alloca() usage where appropriate fixed invalid free fixed virtual cwd header in phar updated NEWS fixed all the places where last error could be lost preserve the error code applied and fixed the original patch initial move on renaming files and fixing includes

This is essentially the same as the patch "uploads_larger_than_2g_HEAD_v2 (last revision 2012-03-26 03:59 UTC) by jason at infininull dot com)" but using off_t instead of signed long (originally: uint)

I tested this on 64bit linux and succeeded uploading a file of 4.8 G. The File did not get corrupted or truncated in any way.

I did not yet test this under windows or 32 bit linux

Note that there are still limitations:

* Did not test for files > 8 G * php does not yet reject absurdly high values * Still limited by underlying file system specific limits and free space * in upload * tmp dir and destination dir/php-src/sapi/cgi/cgi_main.c

* implement new output API, fixing some bugs and implementing some feature requests--let's see what I can dig out of the bugtracker for NEWS-- and while crossing the road: * implemented new zlib API * fixed up ext/tidy (what was "s&" in zend_parse_parameters() supposed to do?)

Implemented concept of "delayed early binding" that allows opcode caches to perform class declaration (early and/or run-time binding) in exactly the same order as vanila php. The following pseudo-code explains how it should be used in opcode cache.

- Rewrite scanner to be based on re2c instead of flex The full patch is available as: http://php.net/~helly/php-re2c-5.3-20080316.diff.txt This is against php-re2c repository version 98 An older patch against version 97 is available under: http://php.net/~helly/php-re2c-97-20080316.diff.txt/php-src/sapi/cgi/cgi_main.c

MFH:- Added common getopt implementation to core. MFH:- Added long-option feature to getopt(). MFH:- Made getopt() available on win32 systems. MFH: Patch by: David Soria Parra <dsp@php.net> [DOC]: These changes will be available from 5.3+

- Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI. - Added support for special [PATH=/opt/httpd/www.example.com/] sections in php.ini. All directives set in these sections will not be able to be overridden in user-defined ini-files or during runtime in the specified path.

Due to licensing restrictions that actually don't allow anybody to use the libfcgi code without prior approval from Open Market, which is impossible to obtain - we decided to reimplement this interface from scratch. The result is actually slightly faster, and more importantly, clear of any copyright issues./php-src/sapi/cgi/cgi_main.c

Fix for bug #32263 This adds proto_num to request_info. It is defaulted to HTTP 1.0 (1000) such that it has a valid value even if the underlying sapi doesn't set it correctly. It is then used to determine if a 302 or a 303 should be sent on a Location redirect. Any non GET/HEAD HTTP 1.1 redirect will get a 303 instead of a 302 to be compatible with the HTTP spec./php-src/sapi/cgi/cgi_main.c

Add the new request_time sapi struct entry to all the sapis. Some of these may have ways of getting the request time without the extra syscall, but for now let's just make sure we don't crash and people will eventually fill these in where applicable./php-src/sapi/cgi/cgi_main.c

As discussed a while ago. There is no reason to disallow command-line arguments for the cgi version when run in a cgi context. Our own test framework is in fact broken because of this unnecessary restriction./php-src/sapi/cgi/cgi_main.c

fix bug http://bugs.php.net/bug.php?id=24009 also do not use APPL_PHYSICAL_PATH as DOCUMENT_ROOT under IIS, it's different depending on IIS configuration. Code works fine without it, that was just an attempt at a shortcut./php-src/sapi/cgi/cgi_main.c

There is *absolutely no* definitive way to know if argv0 is the actual php script, or if it is the beginning of a query string. Additionaly, passing parameters on the command line is not part of CGI spec, and is not required by either Apache or IIS. So I have removed that code altogether, and done some further cleanup. Also fix pre4.3 behaviour if fix_pathinfo=0. I've tested with IIS and Apache 1.3.27 on w2k and RH 7.3./php-src/sapi/cgi/cgi_main.c

Fix CGI to match cgi spec. This patch properly fixes support for CGI in PHP. For backwards compatible broken behaviour, cgi.fix_pathinfo can be set to zero in php.ini. CGI failed to work under apache at all, either using the cgi-script directive or as a ScriptAlias setup. Typicaly it would try to parse itself. This will still happen if you dissable fix_pathinfo, and set DISCARD_PATH. This also fixes PATH_INFO, and finally we can run pres2 under cgi or fastcgi. This patch has been tested under Apache 1.3, 2.0, IIS, as both cgi and fastcgi, on Windows and OSX. A followup patch with build stuff for linux will follow./php-src/sapi/cgi/cgi_main.c

Implemented -n switch to skip parsing ini at startup as suggested by Wez. #The switch 'n' was planned to be used for beautifying....delete n to make #clear these functions do not have a switch yet./php-src/sapi/cgi/cgi_main.c

make fastcgi usage threadsafe, ready for future multithreaded fastcgi implementation get rid of environment overwriting but hooking into php's environment function set $_ENV correctly for mod_fastcgi add -b to specify binding for fastcgi new readme file with information for running under apache2.0 and iis/php-src/sapi/cgi/cgi_main.c

- This affects both CGI and CLI sapi: Remove Zend version output from -m switch and move it over to the output of the -v switch (-v is supposed to list version numbers, not -m)./php-src/sapi/cgi/cgi_main.c

combine fastcgi capability with regular cgi binary include fastcgi library for ease of windows builds NOTE: included fastcgi library is modified for thread safety, but fastcgi support in cgi_main.c is only written for single threaded serving. This does not present any issue for using fastcgi./php-src/sapi/cgi/cgi_main.c

This is much better. With FORCE_CGI_REDIRECT turned on by default for compilation, we can now define this in the ini file. So it can be turned on for apache, turned off for IIS which does not have a redirect issue. Alternately, a different 'REDIRECT_STATUS' environment var can be defined in case some web server out there needs it.

should be discused: fix redirect detection to only work with apache or netscape, where we know they set an environment variable regarding redirect. IIS has no security issue here. Don't know about other windows web servers./php-src/sapi/cgi/cgi_main.c

- Get rid of ELS_*(), and use TSRMLS_*() instead. - Move to the new ts_allocate_id() API This patch is *bound* to break some files, as I must have had typos somewhere. If you use any uncommon extension, please try to build it.../php-src/sapi/cgi/cgi_main.c

# This is as discussed on the mailing list previously. This change # does fix the problem, however, the extra code was in there for a # reason (I'm guessing :), i'm ready to revert this patch in a jiffy # if someone has a good reason why that (just removed) extra logic # should be in there./php-src/sapi/cgi/cgi_main.c

Fix a bug with POST requests. If the Content-Type header wasn't present, we were setting SG(request_info).content_type to NULL, instead of an empty string. This was stopping PHP from processing the data./php-src/sapi/cgi/cgi_main.c

- Finally rename modules.h to zend_modules.h for consistency (first try was 2000-03-11). - Remove the first_arg_force_ref[]; and friends extern from php.h as they are included via zend_API.h/php-src/sapi/cgi/cgi_main.c

- Make sapi_module available to external modules (PHPAPI) - Make the php.ini path reported in phpinfo() always point to real full path of the php.ini file - Optimized the ISAPI module not to read unnecessary server variables and read necessary variables at most once./php-src/sapi/cgi/cgi_main.c

Fixed a bug in $argv and $argc not being properly defined in command-line mode @- Fixed a bug that prevented $argv and $argc from being defined in the command @ line version of PHP (Stas)/php-src/sapi/cgi/cgi_main.c

@PHP 3 regression testing framework re-born (Stig) Took the old PHP 3 regression testing framework and rewrote it in PHP. Should work on both Windows and UNIX, however I have not tested it on Windows. See tests/README for how to write tests. Added the PHP 3 tests and converted most of them./php-src/sapi/cgi/cgi_main.c

Heads up! I have moved the headers_only and response_code checks out of SAPI and down into the individual SAPI modules. I have made the appropriate changes in all the SAPI modules, but please verify these. The reason for this change is that Apache sometimes will feed PHP a request_method of GET but have r->header_only set to true. This happens in an ErrorDocument redirect. In this same scenario we want to preserve the status code as well instead of just overwriting it with a 200 and losing this information. For now the other sapi modules act exactly as before since they probably do not make this distinction, and they may not even have a valid response code this early in the request. @ Fix HEAD request bug on an Apache ErrorDocument redirect and preserve @ the status code across the redirect as well. (Rasmus)/php-src/sapi/cgi/cgi_main.c

make -c in stand-alone mode work again. Setting ini_path after php_module_startup doesn't do much good - since php_module_startup reads .ini. # This fix is very ugly. Everyone is welcome to make better fix # that won't report errors twice and won't scan argument 3 times/php-src/sapi/cgi/cgi_main.c

If we freed it, we might not touch it # BTW, this is not a real fix - we still might use it # when reporting memory leaks, but at least we won't reference # unitialized memory/php-src/sapi/cgi/cgi_main.c

- Try and fix crash with CGI. - Please check out the comment I wrote in init_request_info(). There was a - lot of code there which was running for no apparent reason. Should it be - removed or should it actually run?/php-src/sapi/cgi/cgi_main.c

SAPIfication, Episode VI: Return of the SAPI Remove mostly all references to APACHE and CGI_BINARY from the code.

- Apache include files are no longer included by any PHP code, except for the Apache SAPI module. - No server specific code is in any of the base PHP code.

Still left to be done: - Eliminate any references to APACHE from the few remaining modules. - Move request_info.c's logic to SAPI - Modify the regex function names, and globals, so that we can always include them, without having to fear any interference with Apache; Always use the bundled regex library/php-src/sapi/cgi/cgi_main.c

- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly to $HTTP_GET_VARS[], contain environment and server variables. Setting register_globals to Off will now also prevent registration of the environment and server variables into the global scope (Zeev) - Renamed gpc_globals to register_globals (Zeev) - Introduced variables_order that deprecates gpc_order, and allows control over the server and environment variables, in addition to GET/POST/Cookies (Zeev)/php-src/sapi/cgi/cgi_main.c

- Added flush() support to SAPI - Got rid of the old flush() implemenetation in favour of the new one - Added implicit_flush() support to the output buffering layer. @- Added implicit_flush() to control whether flush() should be called @ implicitly after any output (Zeev)/php-src/sapi/cgi/cgi_main.c

Clean up php3.*\.h files. The files itself are renamed, and references in all .*\.[ch] files were changed. There is a slight chance that my script missed a few changes, please correct them manually./php-src/sapi/cgi/cgi_main.c

Generalized server-API build process on UNIX. Each SAPI implementation now has its own directory under sapi/, just like extensions have theirs under ext/. To make the final targets appear in the main dir, the top-level Makefile includes sapi/NN/Makefile.inc from the selected sapi backend. This is a plan Makefile stub without any autoconf substitutions. Each SAPI backend also has its own config.m4 like extensions (read at the end of diversion 2) and config.h.stub files.

Each SAPI backend has to contain:

config.m4: just like for extensions, this file contains autoconf/automake directives that end up in the configure script. The only difference is that the sapi config.m4 files are read in diversion (output block) 2 instead of 3. The sapi config.m4 files should set two variables: PHP_SAPI (which sapi backend to choose) and SAPI_TARGET (the name of the resulting library or program, previously BINNAME). If they are not specified, they will default to "cgi" and "php", respectively.

Makefile.inc: has to exist, has to define "INSTALL_IT" to the command used to install the final target (or ":" for no operation). It also has to define a plain Makefile rule (without autoconf substitutions) to build $(SAPI_TARGET)

Makefile.am: just what you think. Make sure your target is called "libphpsapi_NNN.a", where NNN is the value of PHP_SAPI.

Some testing and fixing probably remains. To make everything hang together, I've done some ugly tricks that I can imagine causing some problems. I've built and run the CGI version and built the Apache DSO./php-src/sapi/cgi/cgi_main.c